Xbox One login vulnerability discovered by a five year old

This site may earn affiliate commissions from the links on this page. Terms of use.

Microsoft has added the name of a 5-year-old to their recognition page for security researchers that have discovered flaws in Microsoft products. Kristoffer Von Hassel is the boy in question, and his new found fame is due to an embarrassing discovery made in the Xbox One login process.

Kristoffer discovered that the login system for the Xbox One could be easily defeated. The bypass is hilariously simple: after typing in the wrong password for an Xbox Live account you are taken to a separate verification screen. If you fill in the password field on this screen by repeatedly pressing the space key, the console recognizes this as a correct password and grants you access to the account.

After being caught in the act, Kristoffer’s father recorded his son breaking into his account with such ease and sent the video to Microsoft.The Xbox team clearly had to act quickly and closed the security hole, but also did the right thing by rewarding Kristoffer.

The company gave the kid four games, $50, and a year of Xbox Live for his discovery. You can see his name on the TechNet site already, and since Microsoft has fixed the vulnerability already it looks like all is well again. Meanwhile, Kristoffer’s Dad might consider picking up a copy of Python for Kids or something similar, since according to him this isn’t the first security bypass his kid has discovered and he may have a bright software career ahead of him.